Package: dpkg Version: 1.19.0.5 Severity: minor Tags: newcomer -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
The dpkg-deb command learned the option --root-owner-group in [1][2]. I believe this option can be safely removed and turned on by default. [1] https://bugs.debian.org/291320 dpkg-deb: New --build --owner=root option to avoid fakeroot [2] https://salsa.debian.org/dpkg-team/dpkg/commit/2436807c87b033a1ea25164d3b951cd559084a5a The tar command has the options --owner-map and --group-map which can be used to except owners and groups from being converted to root:root by the --owner and --group options. I produced a list of owners and groups used by packages found by lintian: $ w3m -dump https://lintian.debian.org/tags/should-specify-rules-requires-root.html \ | egrep "\([^:]+:[^:]+\)" \ | cut -d \( -f 2 \ | sort -u All owners and groups are reserved by base-passwd. It should therefor be save to call tar for data.tar unconditionally with - --owner root --group root - --owner-map reserved-owners - --group-map reserved-groups assuming that reserved-* contains mapping of all reserved owners and groups to themselves. Please let me know if you think this is a good idea and worth crafting a patch. related: #884999 debhelper: Please default Rules-Require-Root to no -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEdgQCBVl/ppbxMTvKB/xIkQQrploFAltLe8cACgkQB/xIkQQr plq4HRAA4Yt1CdNyVYzMBABgMAvWzuW5aUltUZNInh7v26GDriT6BI2A24Cj6oqe 7uc0taf9iqilkT4oxg08kwM1hGt/T5CcOf72WZ7BeKArC9CjBjyxTLe4UWVn+oB1 LRORyKBP6i9Lx3hagjkQd8vfSEH4I2j21+ddRiIhnRIRo2629mpz2MU9qir+0bwj xat8Vm2jArPc3DBFY8TVBZTne/OStaiYA26I5JLQUNFjgAOer3wBrJkPXPZKB8jI Isnha0QlmUbGGkI/LuOnm9duDiZqKMqnwbukxMf+BOLJEmrljPkt1NFPf5iU/ddq yD+xtsOeIr7aRyC5QFoMNbJJVUj5g7n6Q25rteaCmpzTWPVGpnsAMblop9qWNa9Q mWtoFKA/DWnHp2u1qy/kcmXfYcjp+3y8sA/OZMA6sI6XLucY9TvRopjAFfEa1H2p wS0Qpt+qR2D6oivRYVHIr1KFi8roDkCIk8NOkrTfAbONVeZnaIcsWKEsdz117bIs TnEms6yJu828/TkQP1uE+nOXInaGNFxp4LZJpQgF5mSR4Pe2ZLiejnvQNRvNBZnr /KY6IR684DmolRG4SjiTxz25nftb4cxTRV2YBuZZ1etX50Hz3n9PapAl5OIvq1Ga AnnPeY+Qte2+XtdMIDXBhdMwWlsGl1veae+2ikJYK0JoB3Us59w= =eHdt -----END PGP SIGNATURE-----
